IIT Home Page CNR Home Page

nDPI: Open-Source High-Speed Deep Packet Inspection

Network traffic analysis has been traditionallylimited to packet header as the transport protocol andapplication ports were usually enough to identify the applicationprotocol. With the advent of port-independent, peer-to-peer andencrypted protocols, the task of identifying application protocolshas become increasingly challenging, thus paving the way to thecreation of tools and libraries for network protocol classification.This paper covers the design and implementation of nDPI, anopen-source library for the protocol classification through theanalysis of both packet header and payload. nDPI has beenvalidated extensively in various monitoring projects rangingfrom Linux kernel protocol classification, to analysis ofsuspicious communications targeting the .it ccTLD.


TRAC 2014, Nicosia, 2014

Autori esterni: Alfredo Cardigliano (ntop)
Autori IIT:

Tipo: Articolo in Atti di convegno internazionale
Area di disciplina: Information Technology and Communication Systems